Versions (3)
Version DetailsCurrent
Rev: 6 • Dec 22, 2012, 12:00 PMET MALWARE FakeAV checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE FakeAV checkin"; flow:established,to_server; http.user_agent; content:"Mozilla/5.0 (compatible|3b 20|MSIE 9.0|3b 20|Windows NT 7.1|3b 20|Trident/5.0)"; fast_pattern; http.header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|"; depth:20; content:!"Accept"; reference:md5,dd4d18c07e93c34d082dab57a38f1b86; reference:md5,5a864ccfeee9c0c893cfdc35dd8820a6; classtype:command-and-control; sid:2016089; rev:6; metadata:created_at 2012_12_22, signature_severity Major, updated_at 2020_08_18;)
Dec 22, 2012, 12:00 PM
Aug 18, 2020, 12:00 PM
Dec 22, 2012, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules